SB2022020205 - Privilege escalation in IBM Netezza PDA OS Security 




Published: February 2, 2022
Updated: April 27, 2023

Security Bulletin ID: SB2022020205
Severity: Medium
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2021-4034)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the pkexec setuid binary improperly handles the count of its calling parameters, which causes the binary to execute environment variables as commands. A local user can craft environment variables so that pkexec processes and executes them, and can thereby execute arbitrary commands on the system as root.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.
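
With no vendor fix listed, a host can still be triaged for exposure. The script below is an added example, not part of this bulletin or of any vendor guidance: it reports whether the pkexec binary still carries the set-user-ID bit and counts the two messages pkexec logs when it rejects a suspicious SHELL value or environment variable. The paths /usr/bin/pkexec and /var/log/auth.log are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the bulletin): triage a host for CVE-2021-4034.
# Assumed locations: /usr/bin/pkexec and /var/log/auth.log; adjust per distro.

# Report whether the pkexec binary can still run with root privileges.
pkexec_state() {
    [ -e "$1" ] || { echo "absent"; return 0; }
    # -u is true when the set-user-ID bit is set on the file.
    if [ -u "$1" ]; then echo "setuid"; else echo "setuid-cleared"; fi
}

# Print log lines carrying either message pkexec writes when it rejects a
# suspicious SHELL value or environment variable.
pkexec_indicator_lines() {
    [ -r "$1" ] || return 0
    grep -E 'pkexec.*(The value for the SHELL variable was not found|The value for environment variable .* contains suspicious content)' "$1" || true
}

# Number of indicator lines in a log file (0 when none or file unreadable).
count_pkexec_indicators() {
    pkexec_indicator_lines "$1" | grep -c . || true
}

# Constructed sample log lines (host, users and PIDs are made up).
sample_log() {
    cat <<'EOF'
Jan 26 09:12:01 host1 pkexec[4101]: alice: Executing command [USER=root] [COMMAND=/usr/bin/true]
Jan 26 09:14:37 host1 pkexec[4242]: bob: The value for the SHELL variable was not found the /etc/shells file [USER=root]
Jan 26 09:14:52 host1 pkexec[4243]: bob: The value for environment variable LANG contains suspicious content [USER=root]
Jan 26 09:20:10 host1 sshd[4300]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
EOF
}

# Run as: sh audit.sh --audit [pkexec-path] [log-file]
if [ "${1:-}" = "--audit" ]; then
    bin=${2:-/usr/bin/pkexec}
    log=${3:-/var/log/auth.log}
    echo "pkexec ($bin): $(pkexec_state "$bin")"
    echo "indicator lines in $log: $(count_pkexec_indicators "$log")"
    pkexec_indicator_lines "$log"
fi
```

A `setuid` result means local users can still invoke the binary with root privileges; clearing the bit with `chmod 0755` on the pkexec path was the widely published interim mitigation where no patch exists, at the cost of breaking pkexec for legitimate use. Exploitation does not always produce these log messages, so a count of zero is not evidence that the host was untouched.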